[Samba] Samba4.2rc4 with winbindd in config cannot start samba process
Kelvin Yip
kelvin at icshk.com
Tue Jan 20 23:00:56 MST 2015
Hi all,
I have tried to migrate a domain from Samba3 to a Samba4 AD and am now using
Samba RC4. According to the release notes, I should use winbindd instead
of winbind. However, I cannot start the samba4 daemon when using the winbindd
parameters, but it does start when using the winbind parameters.
Would you please help? Thanks. Below is the current config file:
# smb.conf as pasted into the mailing-list post. Several long lines were
# hard-wrapped by the mail client; smb.conf only continues a line that ends
# in a backslash, so the wrapped fragments below are not read as part of the
# preceding value.
# NOTE(review): presumably the on-disk file keeps these on single lines - confirm.
[global]
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = ICS
realm = icshk.local
netbios name = LINUX01
server role = active directory domain controller
# Explicit service list for the samba process. The post says the release
# notes call for `winbindd` here; the list as pasted still names `winbind`,
# the variant the poster reports as starting successfully.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
# server string is the equivalent of the NT Description field
server string = %h
#domain admin group = root
#hosts allow = 192.168.188. 127.
#socket address = 192.168.188.1
#interfaces = eth0 192.168.188.1
#interfaces = eth0 192.168.188.0/24
# Listen on loopback and bond0 only (enforced by `bind interfaces only`).
interfaces = lo bond0
#interfaces = lo bond0 em1 em2 em3 em4
#interfaces = 192.168.188.0/24
bind interfaces only = yes
load printers = yes
#printing = lprng
#printcap name = /etc/printcap
printcap name = cups
printing = cups
cups options = raw
use client driver = Yes
log file = /var/log/samba/samba.log
max log size = 3000
# NOTE(review): `debug level` looks like a synonym of `log level` in smb.conf,
# so the later `debug level = 0` may override `log level = 3` and leave the
# log without the startup error being asked about - confirm with testparm.
log level = 3
debug level = 0
# log level = 10
# debug level = 10
pid directory = /var/run/samba
eventlog list = Application Security System
use sendfile=yes
#write cache size = 262144
#large readwrite = yes
#read raw = yes
#write raw = yes
# In order to store outlook pst in share drive, seems kernel oplocks
cannot be turn on
#kernel oplocks = yes
#max xmit = 65535
#dead time = 15
#getwd cache = yes
guest account = winguest
#security = user
encrypt passwords = yes
#smb passwd file = /etc/samba/smbpasswd
#username map = /etc/samba/smbusers
# With `unix password sync` enabled, smbd runs `passwd program` as root on an
# SMB password change (%u = user name), per smb.conf(5). The wrapper script
# therefore needs to be root-owned and not writable by anyone else.
# NOTE(review): unclear whether the AD DC role still uses these classic-domain
# password hooks - confirm.
unix password sync = Yes
#pam password change = No
#obey pam restrictions = Yes
#passwd program = /usr/bin/passwd %u
passwd program = /usr/local/sbin/change_passwd.sh %u
# Expect/send script for the program above; %n stands for the new password.
passwd chat = *Enter*new*password* %n\n *Re-type*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
; passwd chat = *New*password* %n\n *ReType*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
# Modified for LDAP
#passdb backend = tdbsam, smbpasswd
#passdb backend = ldapsam:ldap://127.0.0.1/
#ldap passwd sync = No
#ldap suffix = dc=ics,dc=hk
#ldap admin dn = cn=ldapadmin,dc=ics,dc=hk
#ldap ssl =start tls
#ldap ssl = off
#ldap group suffix = ou=Groups
#ldap user suffix = ou=Users
#ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Users
#idmap config * : backend = tdb
#idmap config * : range = 1000000-1999999
#Note that password level 20 means compare passwords, CASE INSENSITIVE, for
the first 20 characters. This eliminates problems with Windows converting
everything to caps.
#password level = 20
# External password-quality check. Per smb.conf(5) the candidate password is
# sent to this program on stdin and is accepted only on exit status 0.
check password script=/usr/local/sbin/crackcheck -l 2
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
IPTOS_LOWDELAY
#socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535
IPTOS_LOWDELAY
#socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=16384
SO_SNDBUF=16384 IPTOS_LOWDELAY
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
os level = 64
# NOTE(review): `domain master` and `domain logons` are classic-domain (PDC)
# settings carried over from the Samba3 setup; verify how they interact with
# `server role = active directory domain controller`.
domain master = yes
preferred master = yes
domain logons = yes
logon script = %G.bat
# Account-management hooks from the classic (NT4-style) domain setup. Per
# smb.conf(5) smbd runs these as root with %u / %g filled in from the
# request, so every binary and script named here needs root-only write
# permission.
# NOTE(review): presumably unused once the AD DC role owns account storage -
# confirm before carrying them over.
add user script = /usr/sbin/useradd -g users -s /bin/false %u
add group script = /usr/sbin/groupadd %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -n -g machines -c Machines -d
/dev/null -s /bin/false %u
delete user script = /usr/sbin/userdel %u
delete user from group script = /usr/local/sbin/delUserfromGroup %u %g
delete group script = /usr/sbin/groupdel %g
set primary group script = /usr/sbin/usermod -g %g %u
# Modified for LDAP
#add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes
#add group script = /usr/sbin/smbldap-groupadd -p "%g"
#add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
#delete user script = /usr/sbin/smbldap-userdel "%u"
#add machine script = /usr/sbin/smbldap-useradd -w "%u"
#delete group script = /usr/sbin/smbldap-groupdel "%g"
#delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
#set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
#name resolve order = wins lmhosts bcast
name resolve order = lmhosts wins host bcast
# wins support = yes
wins proxy = no
dns proxy = no
msdfs root = yes
host msdfs = yes
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
# hide files = /desktop.ini/ntuser.ini/NTUSER.*/
# hide dot files = No
# veto files = /lost+found/
# hide unreadable = Yes
# Traditional Chinese code page
# client code page = 950
dos charset = BIG5
# The LANMAN and plaintext authentication overrides below stay commented
# out, so the built-in defaults apply.
#client lanman auth = Yes
#client plaintext auth = Yes
#lanman auth = Yes
utmp = Yes
#deadtime = 0
keepalive = 0
logon drive = x:
logon home = \\%L\%U
template homedir = /home/%U
#root preexec = /usr/local/sbin/smb_global_preexec.sh %U %m
#root postexec = /usr/local/sbin/smb_global_postexec.sh %U %m
#max protocol = SMB2
#nt acl support = Yes
#acl group control = Yes
#client NTLMv2 auth=Yes
time server=Yes
#enable privileges = yes
ea support = yes
# Highest of the documented levels (0-2) for limiting what anonymous
# connections may query.
restrict anonymous = 2
#restrict anonymous = 1
# Both `server signing` lines are commented out, so the role's default applies.
#server signing = mandatory
#server signing = auto
# Per smb.conf(5), `auto` offers SMB signing but does not require it.
client signing = auto
# `Auto` offers netlogon schannel but still accepts peers that do not use
# it; `yes` would make the secure channel mandatory.
client schannel = Auto
server schannel = Auto
client use spnego = yes
# TLS material for the samba process. Relative paths are resolved against
# the private dir (smb.conf(5)); the .key file is the server's private key
# and should be readable by root only. `tls cafile` is left empty, so no CA
# certificate file is configured here.
tls enabled = Yes
tls keyfile = tls/samba_linux01.icshk.local.key
tls certfile = tls/samba_linux01.icshk.local.pem
tls cafile =
#============================ UFS Logging ==============================
# full_audit VFS module: file operations are logged to syslog (facility
# local6, priority notice). Each record is prefixed with
# user|client IP|client machine name|share.
# Only successful rename/unlink/rmdir calls are recorded; `failure = none`
# means denied or failed operations leave no audit record.
vfs objects = full_audit
full_audit:prefix = %u|%I|%m|%S
#full_audit:failure = connect
#full_audit:success = connect disconnect opendir mkdir rmdir closedir open
close read pread write pwrite sendfile rename unlink chmod
#full_audit:success = rename unlink rmdir pwrite
full_audit:success = rename unlink rmdir
full_audit:failure = none
full_audit:facility = local6
full_audit:priority = notice